Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

Claims 1-27 are pending in this office action.

Claim Objections
Claim 6 is objected to because of the following informalities:  Claim 6 is a duplicate of claim 5.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-27 are rejected under 35 U.S.C. 103 as being unpatentable over Tsao et al. (U.S. Patent No. 7,574,202) in view of Georgiadis et al. (U.S. Patent No. 11,004,072).

Regarding claim 1, Tsao et al. teaches a system for authentication of an unknown device and connection to a secure network, comprising: a wide area network (WAN) (fig. 4, ref. num 301); a secure 
Tsao et al. does not teach certifying certify the unknown device as an identified device.
Georgiadis et al. teaches certifying the unknown device as an identified device (col. 48, lines 44-59).
It would have been obvious to one of ordinary skill in the art, at the time the invention was made, to combine certifying the unknown device as an identified device, as taught by Georgiadis et al., with the method of Tsao et al.  It would have been obvious for such modifications because certified devices are able to bypass security checks.  Once a device has been validated, certification of the device saves time from being validated again.
Regarding claim 2, Tsao et al. teaches wherein the hub prohibits the unknown device from connecting to the secure LAN when the credentials from the unknown device are not verified (fig. 7, ref. num 728).

Regarding claim 3, Tsao et al. teaches wherein the hub permits the unknown device to remain connected to the unsecure LAN when the credentials from the unknown device are not verified (fig. 7, ref. num 727, “NO” path).

Regarding claim 4, Tsao et al. teaches wherein the identification data received by the hub comprises device identification information and manufacturer identification information for the unknown device (fig. 5B).

Regarding claims 5 and 6, Tsao et al. teaches wherein the hub, upon connection of the unknown device to the unsecured network, generates a data log entry related to the unknown device (col. 12, lines 59-67).

Regarding claim 7, Tsao et al. as modified by Georgiadis et al. teaches further comprising a blockchain data storage wherein the data log entries are stored in the blockchain data storage (see col. 44, lines 28-42 of Georgiadis et al.).

Regarding claim 8, Tsao et al. teaches wherein the secure database provides device configuration data comprising network utilization patterns, device defaults, communication authorizations, and operational restrictions for the identified device upon verification of the credentials (fig. 9D).
claim 9, Tsao et al. teaches wherein the credentials provided by the unknown device comprises a signed certificate (col. 10, lines 31-34).

Regarding claim 10, Tsao et al. as modified by Georgiadis et al. teaches wherein the hub, upon verification of the credentials, is further configured to provide a signed operational certificate to the identified device to permit the identified device to connect to the secure LAN (see col. 50, line 60 through col. 51, line 4 of Georgiadis et al.).

Regarding claim 11, Tsao et al. as modified by Georgiadis et al. teaches wherein the identified device generates an encryption key pair to request a certificate signing from the hub to permit the identified device to connect to the secure LAN (see col. 10, lines 41-65 of Georgiadis et al.).

Regarding claim 12, Tsao et al. as modified by Georgiadis et al. teaches wherein the hub, in response to the request for a certificate signing from the identified device, is further configured to provide a signed operational certificate to the identified device to permit the identified device to connect to the secure LAN (see col. 50, line 60 through col. 51, line 4 of Georgiadis et al.).

Regarding claim 13, Tsao et al. as modified by Georgiadis et al. teaches further comprising a blockchain data storage wherein the hub, upon verification of the credentials from the unknown device, generates a data log entry related to identification and acceptance of the unknown device for storage in the blockchain data storage (see col. 44, lines 28-42 of Georgiadis et al.).

claim 14, Tsao et al. teaches wherein a plurality of previously authenticated devices are coupled to the secure LAN, and the hub is further configured to generate an access control list for the identified device to thereby control access of authenticated devices by the identified device (col. 5, lines 55-64).

Regarding claim 15, Tsao et al. teaches wherein the access control list for the identified device determines which authenticated devices can control the identified device and which authenticated devices can be controlled by the identified device (col. 5, lines 55-64).

Regarding claim 16, Tsao et al. teaches wherein a plurality of previously authenticated devices are coupled to the secure LAN, and the hub is further configured to generate an access control list for the identified device to thereby control access of the identified device by authenticated devices (col. 11, lines 38-49).

Regarding claim 17, Tsao et al. teaches a method for authentication of an unknown device and connection to a secure network, comprising: initiating a connection process for the unknown device (col. 16, lines 9-18); a hub, coupled to a secure LAN and an unsecure LAN, establishing a communication link with the unknown device to thereby permit the unknown device to connect to the unsecure LAN (fig. 1, ref. num 100 connecting to 110); prohibiting the unknown device from communicating with the secure LAN or any devices connected to the secure LAN while the unknown device is connected to the unsecure LAN (col. 16, lines 19-44); the hub receiving device credentials from the unknown device (col. 16, lines 9-18); the hub communicating with a secure database using the received credentials to validate the received credentials against validation data in the secure database (fig. 5A-5C); and the hub issuing credentials to the identified device to permit the identified device to establish a secure session and transfer of connection from the unsecure LAN to the secure LAN (col. 7, lines 39-60).
Tsao et al. does not teach the hub, upon validation of the credentials from the unknown device, certifying the unknown device as an identified device.
Georgiadis et al. teaches the hub, upon validation of the credentials from the unknown device, certifying the unknown device as an identified device (col. 48, lines 44-59).
It would have been obvious to one of ordinary skill in the art, at the time the invention was made, to combine certifying the unknown device as an identified device, as taught by Georgiadis et al., with the method of Tsao et al.  It would have been obvious for such modifications because certified devices are able to bypass security checks.  Once a device has been validated, certification of the device saves time from being validated again.

Regarding claim 18, Tsao et al. teaches further comprising: the hub generating log data related to the connection process; and storing the log data in a secure location (col. 12, lines 59-67).

Regarding claim 19, Tsao et al. teaches wherein generating log data comprises generating log data when the unknown device is connected to the unsecure LAN (col. 12, lines 59-67).

Regarding claim 20, Tsao et al. teaches wherein generating log data comprises generating log data related to identification and validation of the unknown device when the unknown device is connected to the secure LAN (col. 12, lines 59-67).

Regarding claim 21, Tsao et al. as modified by Georgiadis et al. teaches wherein storing the log data in a secure location comprises storing log data in a blockchain (see col. 44, lines 28-42 of Georgiadis et al.).

Regarding claim 22, Tsao et al. as modified by Georgiadis et al. teaches wherein a copy of the blockchain is stored in one or more devices connected to the secure LAN (see col. 44, lines 28-42 of Georgiadis et al.).

Regarding claim 23, Tsao et al. as modified by Georgiadis et al. teaches wherein a copy of the blockchain is stored in a server remote from the secure LAN (see col. 44, lines 28-42 of Georgiadis et al.).

Regarding claim 24, Tsao et al. teaches further comprising the hub receiving device configuration data for the identified device from the secure database (fig. 5C).

Regarding claim 25, Tsao et al. teaches wherein the device configuration data for the identified device comprises network utilization patterns, device defaults, communication authorizations, and operational restrictions (fig. 9D).

Regarding claim 26, Tsao et al. teaches further comprising the hub prohibiting the unknown device from connecting to the secure LAN when the credentials from the unknown device are not validated (fig. 7, ref. num 728).

Regarding claim 27, Tsao et al. teaches wherein the hub permits the unknown device to remain connected to the unsecure LAN when the credentials from the unknown device are not validated (fig. 7, ref. num 727, “NO” path).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON S HOFFMAN whose telephone number is (571)272-3863.  The examiner can normally be reached on Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRANDON S HOFFMAN/Primary Examiner, Art Unit 2433